GHSA-MJ4P-RC52-M843 OpenClaw: Sandbox staged writes could escape the verified parent directory before commit

Summary In affected versions of openclaw, sandbox fs-bridge writes validated the destination before commit, but temporary file creation and population were not pinned to a verified parent directory. A raced parent-path alias change could cause the staged temp file to be created outside the intend...

OpenClaw: Sandbox staged writes could escape the verified parent directory before commit

Summary In affected versions of openclaw, sandbox fs-bridge writes validated the destination before commit, but temporary file creation and population were not pinned to a verified parent directory. A raced parent-path alias change could cause the staged temp file to be created outside the intend...